stable

atuin-18.3.0-4.fc41, awatcher-0.3.1-2.fc41, & 3 more

FEDORA-2025-297c7ac7fe created by decathorpe 3 weeks ago for Fedora 41

Rebuild applications to apply two recent security updates:

  • build with idna 1.0.0+ to address CVE-2024-12224 (idna accepts Punycode labels that do not produce any non-ASCII when decoded)
  • build with crossbeam-channel 0.5.15+ to address CVE-2025-4574 (potential double-free on Drop)

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-297c7ac7fe

This update's test gating status has been changed to 'waiting'.

3 weeks ago

This update's test gating status has been changed to 'ignored'.

3 weeks ago

This update has been submitted for testing by bodhi.

3 weeks ago

This update has been pushed to testing.

3 weeks ago

This update has been submitted for stable by bodhi.

2 weeks ago

This update has been pushed to stable.

a week ago

Please log in to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
3 weeks ago
in testing
3 weeks ago
in stable
a week ago
approved
2 weeks ago
Builds
5
atuin-18.3.0-4.fc41
awatcher-0.3.1-2.fc41
gotify-desktop-1.3.7-5.fc41
keylime-agent-rust-0.2.7-5.fc41
mirrorlist-server-3.0.7-7.fc41
BZ#2366525 CVE-2025-4574 atuin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
0
0
BZ#2366527 CVE-2025-4574 awatcher: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41]
0
0
BZ#2370559 CVE-2024-12224 atuin: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
0
0
BZ#2370561 CVE-2024-12224 awatcher: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
0
0
BZ#2370566 CVE-2024-12224 gotify-desktop: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
0
0
BZ#2370568 CVE-2024-12224 keylime-agent-rust: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
0
0
BZ#2370570 CVE-2024-12224 mirrorlist-server: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-41]
0
0
atuin-18.3.0-4.fc41
awatcher-0.3.1-2.fc41
gotify-desktop-1.3.7-5.fc41
keylime-agent-rust-0.2.7-5.fc41
mirrorlist-server-3.0.7-7.fc41

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.5.1 on bodhi-web-2-cmh9v.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy